1. Field of the Invention
Embodiments of the invention generally relate to data monitoring and trend deviation systems and processes and, more specifically, to a method and apparatus for monitoring source data that is a target of a backup service to detect malicious attacks and human errors.
2. Description of the Related Art
Computer systems and their components are subject to various failures that may result in the loss of data. For example, a storage device used in or by the computer system may experience a failure (e.g., mechanical, electrical, magnetic, etc.) that may make any data stored on the device unreadable. Erroneous software or hardware operation may corrupt the data stored on a storage device and effectively destroy the data stored on an otherwise properly functioning storage device.
To mitigate the risk of losing data, computer networks include backup systems for making backup copies of data stored on various storage devices. One type of backup system includes a dedicated backup server that backs up target data on one or more storage devices used in or by one or more computer systems, such as workstations and/or application servers. The backup server typically backs up the target data periodically according to a schedule. The data may be backed up initially to disk-based storage and then migrated to an archival storage, such as tape-based storage. The backup server may implement any of various known schemes to backup data, including full backups, incremental backups, differential backups, and the like. A full backup is a complete copy of the target data. An incremental backup is a backup that only contains the files that have changed since the most recent backup (either full or incremental). A differential backup is a cumulative backup of all changes made since the last full backup.
A backup service, however, will not protect against unauthorized changes to the target data due to user error, malicious activity (e.g., viruses), or the like. If the target data is deleteriously changed in this fashion, such changes are merely backed up to the backup server. Accordingly, there exists a need in the art for a method and apparatus for monitoring source data that is a target of a backup service in order to detect unauthorized file changes.